US-CERT Vulnerability Summary for the Week of July 3, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infosem-cms -- semcmsFile Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers...
News
New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security
Mozilla has announced that some add-ons may be blocked from running on certain sites as part of a new feature...
Global Retailers Must Keep an Eye on Their SaaS Stack
Brick-and-mortar retailers and e-commerce sellers may be locked in a fierce battle for market share, but one area both can...
RomCom RAT Targeting NATO and Ukraine Support Groups
The threat actors behind the RomCom RAT have been suspected of phishing attacks targeting the upcoming NATO Summit in Vilnius...
New TOITOIN Banking Trojan Targeting Latin American Businesses
Businesses operating in the Latin American (LATAM) region are the target of a new Windows-based banking trojan called TOITOIN since...
Hackers Steal $20 Million by Exploiting Flaw in Revolut’s Payment Systems
Malicious actors exploited an unknown flaw in Revolut's payment systems to steal more than $20 million of the company's funds...
Mastodon Social Network Patches Critical Flaws Allowing Server Takeover
Mastodon, a popular decentralized social network, has released a security update to fix critical vulnerabilities that could expose millions of...
RomCom RAT Targeting NATO and Ukraine Support Groups
The threat actors behind the RomCom RAT have been suspected of phishing attacks targeting the upcoming NATO Summit in Vilnius...
Close Security Gaps with Continuous Threat Exposure Management
CISOs, security leaders, and SOC teams often struggle with limited visibility into all connections made to their company-owned assets and...
Global Retailers Must Keep an Eye on Their SaaS Stack
Brick-and-mortar retailers and e-commerce sellers may be locked in a fierce battle for market share, but one area both can...
Charming Kitten hackers use new ‘NokNok’ malware for macOS
Security researchers observed a new campaign they attribute to the Charming Kitten APT group where hackers used new NokNok malware that...
US-CERT Vulnerability Summary for the Week of June 26, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapple -- mac_os_xA use after free issue was addressed with improved memory...
New ‘Big Head’ ransomware displays fake Windows update alert
Security researchers have dissected a recently emerged ransomware strain named ‘Big Head’ that may be spreading through malvertising that promotes fake Windows...
US-CERT Vulnerability Summary for the Week of June 26, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapple -- mac_os_xA use after free issue was addressed with improved memory...
Two Spyware Apps on Google Play with 1.5 Million Users Sending Data to China
Two file management apps on the Google Play Store have been discovered to be spyware, putting the privacy and security...
Close Security Gaps with Continuous Threat Exposure Management
CISOs, security leaders, and SOC teams often struggle with limited visibility into all connections made to their company-owned assets and...
Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software
Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used...
The Need for Risk-Based Vulnerability Management to Combat Threats
Cyber attacks are increasing as the number of vulnerabilities found in software has increased by over 50% in the last...
Critical TootRoot bug lets attackers hijack Mastodon servers
Mastodon, the free and open-source decentralized social networking platform, has patched four vulnerabilities, one of them critical that allows hackers...
CISA warns govt agencies to patch actively exploited Android driver
CISA ordered federal agencies today to patch a high-severity Arm Mali GPU kernel driver privilege escalation flaw added to its list of...
MOVEit Transfer customers warned to patch new critical flaw
MOVEit Transfer, the software at the center of the recent massive spree of Clop ransomware breaches, has received an update...
Barracuda working on fix for ongoing Email Gateway login issues
Image: Bing Image Creator Email and network security firm Barracuda is working to fix an ongoing issue that triggers invalid...
US-CERT Vulnerability Summary for the Week of June 26, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapple -- mac_os_xA use after free issue was addressed with improved memory...
Google Releases Android Patch Update for 3 Actively Exploited Vulnerabilities
Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Among these, three...
